[go: up one dir, main page]

CN1496503A - Method and apparatus for improving protection of computer-presented information - Google Patents

Method and apparatus for improving protection of computer-presented information Download PDF

Info

Publication number
CN1496503A
CN1496503A CNA018190197A CN01819019A CN1496503A CN 1496503 A CN1496503 A CN 1496503A CN A018190197 A CNA018190197 A CN A018190197A CN 01819019 A CN01819019 A CN 01819019A CN 1496503 A CN1496503 A CN 1496503A
Authority
CN
China
Prior art keywords
data
rendering
controller
buffer
protected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA018190197A
Other languages
Chinese (zh)
Other versions
CN100430859C (en
Inventor
��D�����ɺ�
D·莱纳汉
L·吉拉德
S·普雷斯顿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp filed Critical Intel Corp
Publication of CN1496503A publication Critical patent/CN1496503A/en
Application granted granted Critical
Publication of CN100430859C publication Critical patent/CN100430859C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/84Protecting input, output or interconnection devices output devices, e.g. displays or monitors
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09GARRANGEMENTS OR CIRCUITS FOR CONTROL OF INDICATING DEVICES USING STATIC MEANS TO PRESENT VARIABLE INFORMATION
    • G09G5/00Control arrangements or circuits for visual indicators common to cathode-ray tube indicators and other visual indicators
    • G09G5/36Control arrangements or circuits for visual indicators common to cathode-ray tube indicators and other visual indicators characterised by the display of a graphic pattern, e.g. using an all-points-addressable [APA] memory
    • G09G5/39Control of the bit-mapped memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Communication Control (AREA)

Abstract

An improvement to a graphics controller to prevent the contents of selected portions of the frame buffer from being read by devices external to the graphics controller. The invention defines one or more viewable rectangles in the frame buffer as a protected write-only area. Any attempt to read data from the protected area of the frame buffer triggers a security violation which can delete or destroy the contents of that area to prevent it from being read. The controller can also operate in a bypass mode in which the security functions are bypassed so the graphics controller operates in a conventional manner. A security violation may return the controller to the bypass mode. The invention can prevent protected data, such as copyrighted data downloaded over the Internet, from being copied from the frame buffer and used in an unauthorized manner.

Description

The method and apparatus of the information protection that improvement is presented by computing machine
The background of invention technology
1. invention field
The present invention relates generally to computer security.Especially, it relates to the electronic document of protection on a computing machine and can not be subjected to that bootlegging or other are harmful intervenes.
2. description of Related Art
The widespread use of Internet and Email made virus that millions of personal computers (PC) are downloaded easily, and other type can be under the ignorant situation of the PC operator that is everlasting Rogue program, duplicate and upload private document and carry out the attack of the Malware of other harmful action.Owing to created so many opportunitys with download of malware unawares, so ever-increasing this problem that doubled significantly of popularizing that downloads.Because their open architecture, most of PCs provides very little protection to this destructive software.This just opening makes the PC platform become the supplier of universal solution.The computing machine of other type also is being subjected to this attack in varying degrees easily, but generally using of PC made the problem that appears on the PC cause more attention.
In the past, because the character of open PC platform makes entitlement be subjected to the attack of harmful software that can parallel running easily, so being unwilling, the owner of copyright information or other intellecture property allow their entitlement in sight on the PC platform (book, film, responsive company's document etc.).Although the destructive software (virus) of self-replacation causes maximum attentions, the copyright owner is concerned about that more they allow to download to the bootlegging and the issue of any document of computing machine.This is especially true the book that electric mode can be used for e-book or by the text of downloading those books via network such as Internet.Duplicate download, the easiness of the document in the PC makes it be convenient to unlawfully reproduce and send the data of copyright, and the copyright owner does not detect this activity.
Fig. 1 has shown the system 10 of a routine.Provide shielded content via passage 11 to storage subsystem 12, it is stored in is used for follow-up use in the storage subsystem 12 with the enciphered data form.Passage 11 can be that Internet connects and be used to receive the part with the PC of network data.Storage subsystem 12 can be a primary memory, the storer of the hard disk on PC or some other form.When DSR is used to be current, it can be retrieved out from storer 12, and offers player 14 so that handle.Player 14 normally operates in the software among the PC.The deciphering of enciphered data can be carried out in player 14, and wherein player 14 can also reset data layout.Can pass to graphics subsystem 16 to the data of handling via passage 15 then, there it is formatd in case via passage 17 present to actual display device, such as video monitor.Attention: although used term " document " and " demonstration " at this, this scheme is applicable to graphics video data and the voice data by loudspeaker plays equally well, such as music.
Fig. 2 has shown the graphics controller 16 of a routine.Mainly be to concentrate on to be used to the data that transmit and store before to protecting the trial of data download.Yet, in case data are decrypted, format and sent to graphics controller 16 by main interface 21, the bit image of those data is placed in the video memory 22 usually, and data are repeatedly read and are transferred to a display device by output port 23 in this video memory 22.Because dirigibility and availability, the content in the video memory 22 can be read by the PC that realizes player 14 by main interface usually, and also can be read by same interface by miscellaneous equipment.Many graphics controllers also have an auxiliary interface 24, and it also allows to have the performance that video memory 22 is carried out read and write by miscellaneous equipment, and allow the direct transmission of video data to output port 23 when needing that performance.Output port 23 does not provide the memory read performance usually.Yet interface 21 and 24 provides two ports, can obtain data in video memory 22 by them, then these data are preserved and/or transmission so that show in uncommitted mode later on.With regard to transfer efficiency, the illegal software that obtains bit image from video memory also can use the text font map that is kept among the PC, to explain this bit image and any displayable text-converted to be returned a kind of word processing form of standard.Therefore; by using the resource that in PC, can freely obtain; the data that are protected according to supposition in graphics controller 16 can not only be retrieved and can be stored and/or be transferred to another equipment, and institute's data retrieved can be reversed a kind of more small-sized and available form that is designed to before this storage/transmission.
Because many players are the forms with the PC of the modification of the load software of being harbored evil intentions easily, so but graphics subsystem expose like this and caused and stop the safety problem of using PC to be used for the protected video data of needs, all video datas if any copyright.In case data are placed in the graphics subsystem 16, these data just are subjected to unlawfully being placed on the uncommitted monitoring of the software in the computing machine and obtaining easily.
It is not only the Malware of having downloaded that can damage data security.PC operator may wish unlawfully to duplicate he or she legally data downloaded so that unlawfully use afterwards or issue.
Summary of the invention
One embodiment of the present of invention comprise a kind of method, and it comprises: be received in the data in the impact damper of presenting that present controller, and receive the request that presents the data the impact damper that reads in from a requestor.It further comprises: in response to this request deleted data from present impact damper, and data are not sent to the requestor in response to this request.
Brief Description Of Drawings
Fig. 1 has shown a prior art system.
Fig. 2 has shown the graphics controller of a prior art.
Fig. 3 has shown a graphics controller of the present invention.
Fig. 4 has shown a control circuit of the present invention.
Fig. 5 has shown a system of the present invention.
Detailed description of the present invention
When downloading electronic document to a computing machine from publisher/owner and be used to show, data uncommitted duplicated, changes, revises, destroys or other harmful effect can take place at some positions.During being sent to player, in player inside, in the player outside with at the display place, need prevent that data are subjected to those harmful effects.This invention is intended to protect the data in graphics subsystem, and can comprise in player that element is to realize that protection.
Fig. 3 has shown a graphics controller 30 of the present invention.Reproduction data from player can be used for being stored in afterwards video memory 32 by main interface 31 receptions.Storer 32 comprises a frame buffer, is used to store the part that in fact is shown of institute's memory image.Can send to an output interface 33 to the data that come from frame buffer then, by its send one the signal of correct formatization to display apparatus.Output interface 33 can comprise a random access memory digital to analog converter (RAMDAC), and it becomes digitized data-switching the simulating signal of specifying color rendition that has of one or more correct formatizations.The display apparatus of other type can require a different output interface, so that formatted data in a different manner, but the overall process in graphics controller 30 is identical basically.Satellite interface 34 can also perhaps directly provide video data to output interface 33 be provided to the auxiliary port of data channel 18 for video memory 32 data designated.Yet; be different from conventional graphics controller; graphics controller 30 can comprise a control circuit 35; monitoring and/or to be controlled at the data that flow between video memory 32 and any one interface 31 or 34, and it also is used for being stored in the mode control of video storer 32 that secure data is not wherein illegally read by the equipment outside the graphics controller 30 with protection.Therefore control circuit 35 can and play doorkeeper's effect in video memory 32 between the equipment outside the graphics controller 30.
The operation of control circuit 35 can be broken down into several functional areas: pattern control, security set, security breach detect, response and termination to destroying.Be described in greater detail below these:
Pattern control
Control circuit 35 (so graphics controller 30) can have two kinds of patterns: safe mode and bypass mode.In bypass mode, the security feature of control circuit 35 has been avoided, and graphics controller 30 can be worked effectively as a conventional graphics controller.In safe mode, control circuit 35 can realize that security function is read by interface 31 with all or a part of content that prevents video memory 32.If interface 34 has reading performance, then control circuit 35 can also be connected to interface 34 and is read by interface 34 to prevent video memory 32.Can set up this pattern by one or more order from computer control circuit 35.In one embodiment, mode command, other address and video data of ordering, being correlated with and other order that will be written to video memory and data all can be by interface 31 inputs.In another embodiment, can be by one or more independent interface (not shown) input command and addresses.In one embodiment, can utilize an external command to enter safe mode simply, can withdraw from safe mode but have only when at first deleting secure data.This has prevented illegal software closed safe pattern simply, so that protected data can read with being without prejudice.
Security set
Display apparatus in conventional system often shows a plurality of windows simultaneously, some in them and other is overlapped.Therefore frame buffer can comprise the part of a plurality of windows or window in arbitrary preset time.Because all window displayed are all in frame buffer, and frame buffer can read by the external unit in the conventional system, so the displayed content in any window can freely be conducted interviews by the external unit in the conventional system.
When the document of copyright or other secure data had been shown, the window that comprises that secure data may only be in the positive several windows that are shown on the display apparatus various piece simultaneously.Several in those windows may comprise the operator and wish the dangerous data handled with standard mode.For example, when the each several part of the e-book of checking safely, have copyright in a window, the operator may wish to read Email or search the appointment notebook in another window, rather than must withdraw from from the e-book application program.Therefore, shielded partial data may only be the subclass of frame buffer, and the security of these data should be respectively from remaining shown data definition.
The present invention can define the coordinate of a security window in frame buffer.These coordinates can be comprised in one group of register, the relative angle of a rectangle display window of they definition, such as the upper left and lower right corner of that window.Any data that are positioned at this window are considered to safe, and can be protected.In one embodiment, one or more groups register is exclusively used in and defines security window by this way.In another embodiment, as long as defined window comprises secure data, the existing register of definition window just is appointed as safe register temporarily, in case but secure data is automatically deleted and/or this window is closed, and those registers just can turn back to non-safe condition.In two embodiment, organize register more and can be used to define a plurality of security windows, so that can on different windows, carry out security function simultaneously.Attention: although used term " register " at this, the present invention also can use the data-carrier store of other form to keep the coordinate of security window, and the sort memory piece comprises a plurality of storage unit.This conspicuous design tradeoff scheme is within general circuit design person's limit of power.
Safe register can be by the suitable coordinate that order loading security window is set that interface 31 transmits that passes through.The combination that this supposition interface 31 supports to transmit order and data.Perhaps, can being set, order pass to control circuit 35 by another interface (not shown) that is in particular this purpose appointment.In one embodiment, in case imported these order is set, under the situation that does not have deletion by the protected data of these coordinate definition, the safe coordinate of appointment just can not be changed.This has prevented from only to arrive another position and the Malware of access security data by the coordinate that changes the protected field.
Security breach detects
Do not consider the register configuration used, data in security window can be regarded as being used for a write data of all devices except that output circuit 33, wherein output circuit 33 must read the content of video memory where necessary in case make it can be on a display apparatus displayed image.All miscellaneous equipments, promptly can read the equipment of video memory by interface 31,34 or other any attached port, being under an embargo reads in any data by in the content-defined window of safe register.Can read in data in the frame buffer, beyond this defined security window with normal mode.This has prevented that effectively the predefined secure data in frame buffer from illegally being read, duplicating or transmitting by Malware, and does not hinder the normal running to other data in the frame buffer.
The detection of the security breach of attempting can be accompanied by the address of any request of reading of data from video memory 32 of monitoring.If the address of being asked is dropped between the address at diagonal angle two storages, that defined a protected window, destruction has then appearred.When a plurality of security windows are defined simultaneously, can carry out independent comparison to each security window.The destruction of arbitrary security window can be triggered a response.
To the response that destroys
Can carry out non-read functions in many ways.In one embodiment, when an equipment is attempted from by the safety zone of safe register definition reading of data, a video data that the data protector will return video data rather than be asked in graphics controller 30.Controller may return a pure color (such as blueness, black, white etc.) for all positions in the protected field.Controller can also return random data, produces a width of cloth still image.Another option is to return a window that has an alert message, and alarm operation person's protected data has been requested this fact.
Second embodiment provides more protection.In this embodiment, any from the protected part of video memory the trial of reading of data can cause the protected part that clears data by data protector.This by with other data, rewrite protected data such as aforesaid pure color, random data or error message and realize.This step can be succeeded by withdrawing from safe mode, so that make the window of being asked can be used for reading, but secure data is no longer among it.These actions can also trigger other defense mechanism, still are kept at other secure data on the disk with encrypted form or are cut to the connection of the remote source of secure data such as alarm operation person, deletion.This rapid action can prevent attack replacement, repeatedly to secure data by fully delete secure data from system.
Some computer system, on graphics controller, provide an aerial lug such as PC on knee, so that can connect other display apparatus.Except previously described feature, when being shown, secure data can provide extra protection, so that make external unit can not in time write down this signal by forbidding the external graphics connector.
Stop
When the needs that show protected data finish, can be published to control circuit 35 to order and change to bypass from safety with the deletion security window and/or the pattern of affected window.No matter be which kind of situation, can be at first from video memory, remove protected data in that window interior so that it can not read by external unit subsequently.Can realize that one or more stops the order of safe mode in this manner.Perhaps, can trigger termination, whereby artificially to force to stop in " to the response that destroys " following described mode as above by attempting reading protected data simply.
Fig. 4 has represented the view of an embodiment of control circuit 35 in more detail.Although can imitate this figure to make circuit, Fig. 4 is used for Presentation Function relation rather than circuit and connects.Can from interface 31, receive order, address and data by circuit 41.Although Fig. 4 has shown all orders of passing through a common port, address and data input circuit 41, also can provide different input port and circuit with processing command and data respectively.Logic 41 also can be divided into independent part (not shown), and a command processor is used for processing command and/or relevant address, and another is used for processing video data to video memory/from the video memory processing video data.After interface 31 receives, can be by the data process method in circuit 41 along going the data path 40 in video memory 32 ways to transmit video data.Can also move at reverse direction from the reading of data of video memory 32 request, and when allowing this reading of data affairs, be provided for the requestor along bi-directional data path 40.
Can the decode pattern in the circuit 35 that is input to or order is set of command process logic in circuit 41.Safe mode command can cause circuit 49 to be set up, and the pattern of enabling is enabled door 46 whereby.This enables safe mode conversely, so that any order and data subsequently will be handled according to demand for security.Command process logic in circuit 41 can also be accepted the upper left of a security window and bottom right coordinate, and they are placed into 45 li of the address registers of upper left address register 44 and bottom right respectively.These can be the safe register that is exclusively used in security function, perhaps can be appointed as the existing register of safe register temporarily.Subsequently, when receiving a read command, command decoder logic 41 can be placed on the address of reading of being asked in the register 42, in register 42 it and two coordinate address in register 44,45 is compared.If the address in sense command is dropped on upper left and address, bottom right (comprising this two addresses) between, then address comparison logic 43 can be set to the circuit of pattern enabling gate 46, it can play the effect of a security breach detecting device.If another input of pattern enabling gate 46 has been set up (because circuit is in safe mode); then door 46 can be activated to the circuit of data protector 47, triggers the series of steps that detected security breach is responded by the secure data and the safe mode of may stopping using of deletion in frame buffer.
Fig. 5 has shown a system 50 of the present invention.Can import shielded content from a supplier by passage 11, then it is kept in the storage medium 12, as in the prior art.The data that are used to present can be passed to player 54 then, and it has the performance that is implemented in the above-mentioned security feature in the graphics controller 30.Passage 55 and 57 can transmit video data respectively to graphics controller 30 and display.The present invention can realize with circuit or as method.The enough special logics of energy, state machine, processor or these combination in any are implemented in the functional steps in the first previous paragraphs.The present invention can also be implemented as and be stored in an instruction on the machine readable media, and it can be read and be moved by at least one processor carries out function described here.Machine readable media comprises any being used for a kind of form storage that can be read by a machine (for example, computing machine) or the mechanism of transmission information.For example, a kind of machine readable media can comprise ROM (read-only memory) (ROM); Random-access memory (ram); The magnetic disk memory medium; Optical storage media; Flash memory device; Electricity, light, sound or other forms of transmitting signal (for example, carrier wave, infrared signal, digital signal etc.) and other.
Just the frame buffer in a Video Controller has been described the present invention.Yet it goes for the data presentation of other form.Video Controller can be extended to one and present controller, and it can also take an audio-frequency information that presents download, such as the form of the Audio Controller of music or spoken words.Frame buffer can be extended to one and present impact damper, and it also can take voice data that a temporary transient storage will play, it is shielded to comprise and the form of the audio buffer of the combination of protected audio data not.One of the present invention is used the embodiment of voice data can be used to playing back music or provide an e-book of hearing that is used for poor or weak eyesight.
Foregoing description is used for illustrating rather than is used for limiting.Will expect to those skilled in the art changing.Intention makes those variations in the present invention involved, and it is only limited by the spirit and scope of accessory claim.

Claims (22)

1.一种方法,包含:1. A method comprising: 在一呈现控制器的一呈现缓冲器中接收数据;receiving data in a presentation buffer of a presentation controller; 从一请求者接收一条读取在呈现缓冲器中的数据的请求;receiving a request from a requestor to read data in the rendering buffer; 响应于该请求从呈现缓冲器中删除数据;以及removing data from the rendering buffer in response to the request; and 响应于该请求不传送该数据给请求者。The data is not transmitted to the requestor in response to the request. 2.如权利要求1所述的方法,其特征在于:呈现控制器是一个图形控制器,而呈现缓冲器是一个帧缓冲器。2. The method of claim 1, wherein the rendering controller is a graphics controller and the rendering buffer is a frame buffer. 3.如权利要求1所述的方法,其特征在于:接收数据包括把呈现控制器置于在安全模式。3. The method of claim 1, wherein receiving data comprises placing the presentation controller in safe mode. 4.如权利要求1所述的方法,其特征在于:删除数据包括使呈现控制器退出安全模式。4. The method of claim 1, wherein deleting data comprises taking the presentation controller out of safe mode. 5.如权利要求1所述的方法,其特征在于:不传送数据包括传送除了所请求数据之外的数据。5. The method of claim 1, wherein not transmitting data comprises transmitting data other than the requested data. 6.一种在其上存储有指令的机器可读介质,当该指令由至少一个处理器执行时使所述至少一个处理器执行如下操作:6. A machine-readable medium having stored thereon instructions that, when executed by at least one processor, cause the at least one processor to: 在一呈现控制器的一呈现缓冲器中接收数据;receiving data in a presentation buffer of a presentation controller; 从一请求者接收一条读取在呈现缓冲器中的数据的请求;receiving a request from a requestor to read data in the rendering buffer; 响应于该请求从呈现缓冲器中删除数据;以及removing data from the rendering buffer in response to the request; and 响应于该请求不传送该数据给请求者。The data is not transmitted to the requestor in response to the request. 7.如权利要求6所述的介质,其特征在于:呈现控制器是一个图形控制器,而呈现缓冲器是一个帧缓冲器。7. The medium of claim 6, wherein the rendering controller is a graphics controller and the rendering buffer is a frame buffer. 8.如权利要求6所述的介质,其特征在于:接收数据包括把呈现控制器置于在安全模式。8. The medium of claim 6, wherein receiving data includes placing the presentation controller in safe mode. 9.如权利要求6所述的介质,其特征在于:删除数据包括使呈现控制器退出安全模式。9. The medium of claim 6, wherein deleting data comprises taking the presentation controller out of safe mode. 10.如权利要求6所述的介质,其特征在于:不传送数据包括传送除了所请求数据之外的数据。10. The medium of claim 6, wherein not transmitting data comprises transmitting data other than requested data. 11.一个装置,包含:11. A device comprising: 一个呈现控制器,具有:A presenting controller, with: 一个呈现缓冲器;a rendering buffer; 一个处理命令和地址的命令处理器;a command processor that handles commands and addresses; 一个数据处理器,连接到呈现缓冲器,以监控数据以及把至少一部分数据传递给呈现缓冲器;a data processor, connected to the rendering buffer, to monitor data and transfer at least a portion of the data to the rendering buffer; 一个安全破坏检测器,检测一个请求者发出的一条读取在呈现缓冲器中的受保护数据的请求;以及a security breach detector that detects a request from a requestor to read protected data in the rendering buffer; and 一个数据保护器,连接到数据处理器以防止提供受保护的数据给请求者。A data protector, connected to the data processor to prevent the provision of protected data to the requester. 12.如权利要求11所述的装置,其特征在于:数据保护器进一步在检测到读取受保护数据的请求时从呈现缓冲器中清除受保护的数据。12. The apparatus of claim 11, wherein the data protector further clears the protected data from the rendering buffer upon detecting a request to read the protected data. 13.如权利要求11所述的装置,其特征在于:呈现控制器是一个图形控制器,而呈现缓冲器是一个帧缓冲器。13. The apparatus of claim 11, wherein the rendering controller is a graphics controller and the rendering buffer is a frame buffer. 14.如权利要求11所述的装置,其特征在于:呈现控制器包括一旁路模式,它不能防止把受保护的数据提供给请求者。14. The apparatus of claim 11, wherein the presentation controller includes a bypass mode that does not prevent the protected data from being provided to the requester. 15.如权利要求14所述的装置,其特征在于该数据保护器:15. The device of claim 14, wherein the data protector: 当检测到读取受保护数据的请求时从呈现缓冲器中清除受保护的数据;以及clearing the protected data from the rendering buffer when a request to read the protected data is detected; and 在所述清除之后把呈现控制器置于旁路模式。The presentation controller is placed in bypass mode after the cleanup. 16.如权利要求11所述的装置,其特征在于:数据保护器将传送除了所请求数据之外的数据。16. The apparatus of claim 11, wherein the data protector is to transmit data other than the requested data. 17.一个系统,包含:17. A system comprising: 一个呈现电路,包括:A rendering circuit including: 一个接收数据的输入接口;an input interface for receiving data; 一个发送用于呈现的数据的输出端口;an output port to send data for rendering; 一个连接到输出端口的呈现缓冲器;a rendering buffer connected to the output port; 一个呈现控制器,连接到呈现缓冲器和输入接口,并且具有:A rendering controller, connected to the rendering buffer and input interface, and having: 一个处理命令和地址的命令处理器;以及a command handler that handles commands and addresses; and 一个数据处理器,监控数据并且把至少一部分数据传递给呈现缓冲器;a data handler that monitors data and passes at least a portion of the data to the rendering buffer; 一个安全破坏检测器,检测一个请求者发出的一条读取在呈现缓冲器中的受保护数据的请求;以及a security breach detector that detects a request from a requestor to read protected data in the rendering buffer; and 一个数据保护器,防止提供受保护的数据给请求者。A data protector that prevents providing protected data to requesters. 18.如权利要求17所述的系统,其特征在于:数据保护器进一步在检测到读取受保护数据的请求时从呈现缓冲器中清除受保护的数据。18. The system of claim 17, wherein the data protector further clears the protected data from the rendering buffer upon detecting a request to read the protected data. 19.如权利要求17所述的系统,其特征在于:呈现控制器是一个图形控制器,而呈现缓冲器是一个帧缓冲器。19. The system of claim 17, wherein the rendering controller is a graphics controller and the rendering buffer is a frame buffer. 20.如权利要求17所述的系统,其特征在于:呈现控制器包括一旁路模式,它不能防止把受保护的数据提供给请求者。20. The system of claim 17, wherein the presence controller includes a bypass mode that does not prevent protected data from being provided to the requester. 21.如权利要求20所述的系统,其特征在于该数据保护器:21. The system of claim 20, wherein the data protector: 当检测到读取受保护数据的请求时从呈现缓冲器中清除受保护的数据;以及clearing the protected data from the rendering buffer when a request to read the protected data is detected; and 在所述清除之后把呈现控制器置于在旁路模式。The presentation controller is placed in bypass mode after the cleanup. 22.如权利要求17所述的系统,其特征在于:数据保护器将传送除了所请求数据之外的数据。22. The system of claim 17, wherein the data protector is to transmit data other than the requested data.
CNB018190197A 2000-09-20 2001-09-20 Method and apparatus for improving protection of computer-presented information Expired - Fee Related CN100430859C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/665,826 2000-09-20
US09/665,826 US7007304B1 (en) 2000-09-20 2000-09-20 Method and apparatus to improve the protection of information presented by a computer

Publications (2)

Publication Number Publication Date
CN1496503A true CN1496503A (en) 2004-05-12
CN100430859C CN100430859C (en) 2008-11-05

Family

ID=24671710

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB018190197A Expired - Fee Related CN100430859C (en) 2000-09-20 2001-09-20 Method and apparatus for improving protection of computer-presented information

Country Status (9)

Country Link
US (1) US7007304B1 (en)
EP (1) EP1350149B1 (en)
CN (1) CN100430859C (en)
AT (1) ATE507536T1 (en)
AU (1) AU2002211253A1 (en)
BR (1) BR0114014A (en)
DE (1) DE60144534D1 (en)
TW (1) TW576961B (en)
WO (1) WO2002025416A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100357864C (en) * 2005-01-31 2007-12-26 深圳市证通电子股份有限公司 Keyboard encrypting method
CN101090397B (en) * 2006-06-13 2010-12-15 国际商业机器公司 Method, device and computer system for performing transactions between a client and a server
CN109473062A (en) * 2017-09-08 2019-03-15 乐金显示有限公司 Organic light emitting diode display and method of operation

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7007304B1 (en) * 2000-09-20 2006-02-28 Intel Corporation Method and apparatus to improve the protection of information presented by a computer
US7055038B2 (en) * 2001-05-07 2006-05-30 Ati International Srl Method and apparatus for maintaining secure and nonsecure data in a shared memory system
US7073070B2 (en) 2001-06-29 2006-07-04 Intel Corporation Method and apparatus to improve the protection of information presented by a computer
US7380130B2 (en) 2001-12-04 2008-05-27 Microsoft Corporation Methods and systems for authentication of components in a graphics system
US7065651B2 (en) 2002-01-16 2006-06-20 Microsoft Corporation Secure video card methods and systems
EP1491017A1 (en) * 2002-03-28 2004-12-29 Oleksiy Yuryevich Shevchenko Method and device for computer memory protection against unauthorized access
US7206940B2 (en) 2002-06-24 2007-04-17 Microsoft Corporation Methods and systems providing per pixel security and functionality
US8155314B2 (en) * 2002-06-24 2012-04-10 Microsoft Corporation Systems and methods for securing video card output
US7474312B1 (en) * 2002-11-25 2009-01-06 Nvidia Corporation Memory redirect primitive for a secure graphics processing unit
US7293178B2 (en) 2002-12-09 2007-11-06 Microsoft Corporation Methods and systems for maintaining an encrypted video memory subsystem
EP1548601A1 (en) * 2003-12-23 2005-06-29 Stmicroelectronics SA Memory access control in an electronic apparatus
US7941860B2 (en) * 2005-05-13 2011-05-10 Intel Corporation Apparatus and method for content protection using one-way buffers
US8564598B2 (en) 2007-08-15 2013-10-22 Nvidia Corporation Parallelogram unified primitive description for rasterization
US20090172331A1 (en) * 2007-12-31 2009-07-02 Balaji Vembu Securing content for playback
US8516260B2 (en) * 2008-10-27 2013-08-20 Advanced Micro Devices, Inc. Method, apparatus, and device for providing security among a calling function and a target function
GB2484717B (en) * 2010-10-21 2018-06-13 Advanced Risc Mach Ltd Security provision for a subject image displayed in a non-secure domain
US10511578B2 (en) * 2016-03-04 2019-12-17 Intel Corporation Technologies for secure content display with panel self-refresh
JP2019133345A (en) * 2018-01-30 2019-08-08 東芝メモリ株式会社 Data accumulating device, data processing system and data processing method
CN111312157B (en) * 2020-03-04 2021-05-25 深圳市艾比森光电股份有限公司 LED display screen, configuration updating method thereof, receiving card and display module

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4862156A (en) * 1984-05-21 1989-08-29 Atari Corporation Video computer system including multiple graphics controllers and associated method
JPH01110295A (en) 1987-10-23 1989-04-26 Hitachi Ltd Water pressure control unit inspection equipment
JP3305737B2 (en) * 1991-11-27 2002-07-24 富士通株式会社 Confidential information management method for information processing equipment
US5881287A (en) 1994-08-12 1999-03-09 Mast; Michael B. Method and apparatus for copy protection of images in a computer system
JPH0922385A (en) * 1995-07-05 1997-01-21 Rohm Co Ltd Data security device and method
US5675321A (en) * 1995-11-29 1997-10-07 Mcbride; Randall C. Personal computer security system
US6011473A (en) * 1998-01-13 2000-01-04 Micron Electronics, Inc. Method for generating an alarm in a portable computer system
US6298446B1 (en) * 1998-06-14 2001-10-02 Alchemedia Ltd. Method and system for copyright protection of digital images transmitted over networks
IL124895A0 (en) * 1998-06-14 1999-01-26 Csafe Ltd Methods and apparatus for preventing reuse of text images and software transmitted via networks
US6731756B1 (en) * 1999-06-21 2004-05-04 Elisar Software Corporation, Inc. Method for securing video images
US7007304B1 (en) * 2000-09-20 2006-02-28 Intel Corporation Method and apparatus to improve the protection of information presented by a computer
US7073070B2 (en) * 2001-06-29 2006-07-04 Intel Corporation Method and apparatus to improve the protection of information presented by a computer

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100357864C (en) * 2005-01-31 2007-12-26 深圳市证通电子股份有限公司 Keyboard encrypting method
CN101090397B (en) * 2006-06-13 2010-12-15 国际商业机器公司 Method, device and computer system for performing transactions between a client and a server
CN109473062A (en) * 2017-09-08 2019-03-15 乐金显示有限公司 Organic light emitting diode display and method of operation
CN109473062B (en) * 2017-09-08 2021-08-17 乐金显示有限公司 Organic light emitting diode display and method of operation

Also Published As

Publication number Publication date
CN100430859C (en) 2008-11-05
US7007304B1 (en) 2006-02-28
TW576961B (en) 2004-02-21
ATE507536T1 (en) 2011-05-15
DE60144534D1 (en) 2011-06-09
EP1350149A2 (en) 2003-10-08
BR0114014A (en) 2004-02-10
AU2002211253A1 (en) 2002-04-02
WO2002025416A3 (en) 2003-07-17
WO2002025416A2 (en) 2002-03-28
EP1350149B1 (en) 2011-04-27

Similar Documents

Publication Publication Date Title
CN1496503A (en) Method and apparatus for improving protection of computer-presented information
US7073070B2 (en) Method and apparatus to improve the protection of information presented by a computer
US20030167350A1 (en) Safe I/O through use of opaque I/O objects
Solomon et al. Computer forensics jumpstart
CN101477676B (en) Protect playback content
JP4717058B2 (en) Access control system for each application program using virtual disk
US20120099219A1 (en) Secure data storage device
JP2020502648A (en) Systems and methods for detecting cryptoware
US20080016127A1 (en) Utilizing software for backing up and recovering data
WO2000049753A2 (en) A secure computer system and access thereto
CN101283332A (en) Information processing device, information processing method, and program
CN102053925A (en) Realization method of data encryption in hard disk
WO2013169434A1 (en) Link status based content protection buffers
WO2009045059A2 (en) Security method of keyboard input by directly controling the keyboard controler
EP0614553A1 (en) Computer memory protection
Hausknecht et al. Anti-computer forensics
CN110069935A (en) Inside protecting sensitive data method and system based on label memory
US20220327211A1 (en) Data processing system and method capable of separating application processes
US20050125352A1 (en) Method for lifetime tracking of intellectual property
US20030131112A1 (en) Computer firewall system
CN106155940A (en) System chip capable of protecting code and code protection method of system chip
CN1157648C (en) Encryption device for computer data
CA2352208A1 (en) Device for removing information from record device, information removing method, information removing program, and record device
US9152636B2 (en) Content protection system in storage media and method of the same
US20020144138A1 (en) Method for maintaining a security perimeter during the handling of digital content

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20081105

Termination date: 20170920

CF01 Termination of patent right due to non-payment of annual fee